For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/default_rules/def-000-e6u.md. A documentation index is available at /llms.txt.

Redshift Serverless namespaces should be encrypted with a customer-managed KMS key

Description

Redshift Serverless namespaces should be encrypted using a customer-managed KMS key rather than the default AWS-managed key. Customer-managed keys provide full control over key rotation policies, access permissions via KMS key policies, and the ability to revoke or disable the key.

Remediation

Configure the namespace to use a customer-managed KMS key. For guidance, refer to Data protection in Amazon Redshift Serverless.